In a previous blog post, I showed how you could use Frame Admin API to monitor Frame accounts that had running instances because of misconfigured account capacity settings. This could lead to spending more on your cloud infrastructure than is needed. In this blog, I will demonstrate how you can use the Frame Admin API to identify and delete user volumes that have not been used in a while. Periodically removing unused volumes can help keep cloud storage costs down and can make sure that your data retention policies are being appropriately followed.
The Frame Education team uses public cloud infrastructure to conduct labs that demonstrate the power and capabilities of Frame. Sometimes during the course of these labs, students change the capacity settings of their Frame lab accounts to have machines running 24x7. Since these machines are in a public cloud, this can cause unnecessary and unexpected cloud expenses. To combat this, I developed a script to check all of the Frame accounts in the Frame Education customer entity and send alerts to a Slack channel if an account has a machine setup to run outside the hours of the Frame Lab. This allows the Frame instructors to identify and shutdown machines running outside of the lab's hours and shut them down. In this blog, I will go over how I used the Frame Admin API to accomplish this.
In my previous blog posts I have outlined how the Frame™ Bring Your Own (BYO) Networking capability in Amazon Web Services (AWS) could be used to deploy a Frame account in a manner that would allow Frame-managed workload VMs to be connected to an existing private network. Recent addition of Frame Remoting Protocol (FRP) 8 has adjusted some of the ports and protocols used for workload connectivity. In this blog, I will update how the Frame Streaming Gateway Appliance (SGA) interacts with the new FRP8 networking environment.
The Nutanix® Frame® Desktop-as-a-Service (DaaS) solution that allows administrators to create pools of non-persistent desktops and applications for use by internal and external users. When used on one of the public cloud infrastructures – AWS®, Azure® or GCP® clouds – this service can scale out very quickly and increase an organization's capacity to support a variety of use cases
One use case provides applications for training or tradeshow/conference demonstration purposes on a temporary basis.This use case could become important to close all the active sessions on a Frame account to allow deprovisioning of the cloud resources. This blog will step you through how the Frame admin API can be used to accomplish this objective via a PowerShell script.
Nutanix Frame® Desktop-as-a-Service (DaaS) has long supported private network workloads via the implementation of a Streaming Gateway Appliance (SGA). On public cloud infrastructure, this capability can be automatically deployed upon account creation. As a part of this process, the Frame platform creates a Network Address Translation (NAT) Gateway to ensure that the workloads have a way to communicate back to the Frame control plane residing on the Internet. When deployed, this NAT GW does not provide network administrators the ability to control or restrict the outbound web traffic of the workloads. By combining an autodeployed SGA with Amazon® Web Service's (AWS) Network Firewall solution, a network administrator can get fine grained control of the outbound web traffic for Frame-managed workloads and still allow them to contact the Frame control plane. This blog will demonstrate how this can be done.
Frame® Desktop-as-a-Service (DaaS) provides a detailed scheduling capability to ensure that Frame accounts are able to deliver just-in-time production capacity while minimizing the additional cost of having idle cloud capacity. However, Frame does not currently have the built-in feature to alert administrators when an existing production pool is running out of provisioned capacity. This might lead to users not being able to connect to a session because all of the VMs in the production pool are in use at a moment in time. This blog will demonstrate how the Frame Admin API can be used to monitor the actual number of concurrent sessions and send a message to a Slack® channel when the number of active sessions reaches a certain percentage of the provisioned capacity of a Frame production pool.
Nutanix's Frame® desktop-as-a-service, with its ability to deliver virtual desktops and applications on non-persistent virtual machines, is a key part of the security posture of many customers. When combined with Frame application mode, which eliminates the Windows® Desktop and focuses the end user on a single set of published applications, Frame provides enterprises with a secure way to deliver Windows applications and not lose control of the underlying data. As a part of our Enterprise Profiles capability, Nutanix released a feature that allows Frame administrators to further secure their Frame environment by forcing users with Enterprise Profiles to be logged in as a non-administrative local Windows user. Recently, this feature has been turned into a setting that can be applied to any Frame account that is not using the Frame Domain Join feature.
The Nutanix Frame™ Platform records session and audit log information on what actions users and administrators are doing in the Frame Desktop-as-a-Service (DaaS). This session and audit log information is available for download from the Frame Console. Enterprises often want to combine this session and audit event data with information from other sources within their Security Information and Event Management (SIEM) solution in order to obtain a more comprehensive view of what is occurring in their enterprise. In this blog, we will demonstrate how Frame Admin API can be used within a PowerShell script to retrieve audit data from Frame and insert it into the Splunk® event manager, one of the more popular SIEM's on the market.
Nutanix Frame™ Desktop as a Service (DaaS) solution supports multiple networking models. One of the more popular networking models for enterprises is the Frame Private networking model. This model allows the Frame workload VMs to have private IP addresses on the enterprise private network and access private networking resources and it is the simplest way to inherit existing network security processes.
However, remote users still need a way to connect to these private networks. The traditional way of implementing this access is to deploy a VPN, but that requires implementing and maintaining software on the user endpoint devices and VPN connections can overload security products like firewalls.
Frame offers a Streaming Gateway Appliance (SGA) to meet this need, but some enterprises may wish to take advantage of the “security as a service” model offered by Zscaler, Inc. Zscaler offers a “DMZ as a service” solution that can provide DMZ type functionality without the complication involved in many DMZ deployments. The Zscaler® service maintains many certifications required by government agencies and it meets the rigorous standards required by the most security conscious organizations.
In this blog you will learn how Zscaler Private Access (ZPA) and Frame DaaS can work together to provide a remote access solution to a private cloud with a simplified administrative model while maintaining a high level of security.
As enterprises continue to expand their IT footprint into the public clouds, extending existing private networking infrastructure into the public cloud has become more critical. To address the flexibility that this requires, Nutanix has added a Bring Your Own (BYO) Networking feature to its Frame™ Desktop-as-a-Service (DaaS) solution. In a previous blog, I walked through how to use this feature in the AWS® platform. In this blog, I will walk you through how an environment could be set up in an Azure® cloud infrastructure. Integration between your Frame-managed workloads with an actual private network depends on the specific implementation of your private network.